-
07-15-2013, 08:00 AM #1
Protection from hacking - the basics
These days, more and more websites are being hacked due to several reasons. Being hacked can cause your site to lose all of its data if the hacker gets full control of your site for long enough. Each backup replaces the last one so if the hacker has your site for long enough, the new backups will be of the hacked site and you will not have any original backups left. Thus all the available backups are useless. Please follow the advice below to keep this from happening:
1. If you haven't already, please immediately install one of the available Antivirus programs. If you use Microsoft Windows, I can suggest you install and use Microsoft Security Essentials or Microsoft Defender (it depends on the Windows version you own). You can get it for free if you have Microsoft Windows from here: http://windows.microsoft.com/en-us/w...tials-download
Take care to update it daily with the latest update available. It usually happens automatically every time you connect to the internet. Do not forget to perform a full scan at least once per week using your antivirus, including all of your hard disks (internal or external) and on USB sticks.
2. No matter which antivirus program you use, please download this free software: http://www.malwarebytes.org/ from this location: http://www.malwarebytes.org/products/malwarebytes_free/
Install it on all your PCs and then update it to the latest version. This program will not cause a conflict with your installed antivirus. It works in addition every time you perform a full scan with it. You have to remember to update it at least once per week and then perform a full scan on all of your hard disks (internal or external) and on your USB sticks.
3. If you are using free site software such as WordPress or Joomla, Drupal, SMF, etc, you have to update this software immediately to the latest version every time it becomes available. Usually every new version of this software closes some 'holes' which hackers are using to attack your site. So if you leave an old version running on your site, it is very likely that you will be attacked by hackers. Please check often for new versions and update these.
4. In case you use free software such as WordPress, Joomla, Drupal, SMF, etc, it is wise to avoid using free templates, modules/plugins/components because some developers leave backdoors in order to offer access later to hackers. It is better to buy templates/themes/plugins so you can have support from their creators and update to new safer versions. Often hackers gain access from free templates or plugins/modules/components.
5. Another common method of hacking is to 'steal' FTP or cPanel passwords while you type them, in order to access your site, using keyloggers or other malware that may exist on your computer. The password for FTP/cPanel has to be very strong with numbers, letters, special characters, etc. Also you need to change your passwords from time to time. Randomly generated passwords are best and please avoid using simple words. I suggest using a random generator to change it once per month.
6. I suggest keeping your own backups generated from cPanel or other control panel. Download both a zip file of all your files and another one for your database if you use any. You have to take as many backups as you can and keep a history of them safe on your computer.
I hope this article was helpful to you and if you remember nothing else, please run your antivirus/malware software and backup your site once per week.
-
07-15-2013, 08:06 AM #2Disabled
- Join Date
- Dec 2010
- Location
- 127.0.0.1
- Posts
- 5,732
Nice tutorial, maybe add ask your provider to give you a random username, and use a strong password as most accounts are the first five digits of the domain name which is easy to guess. eg:
Domain: example.com
cPanel Username: examp
-
07-15-2013, 08:38 PM #3Newbie
- Join Date
- Jan 2013
- Posts
- 22
Great tips, thanks a lot
-
07-21-2013, 12:20 PM #4Web Hosting Evangelist
- Join Date
- Apr 2013
- Location
- Data center
- Posts
- 541
Thanks for this article.
To add to that, refrain from using usernames such as 'admin' or 'administrator' for scripts such as WordPress or Joomla. Hackers are usually targeting these.
.htaccess ip protection also works for administration directories.
-
07-21-2013, 12:38 PM #5Junior Guru Wannabe
- Join Date
- May 2013
- Posts
- 55
Re: Protection from hacking
Great article, since we not respect with any cracker who used hacker as a blackmail on this... totally different in my dictionary between hacker and cracker.
but keep on our mind always open so we can always aware better than will make sorry in the next.
great community will help us to keep aware as OP try to do... keep up bro
-
07-21-2013, 01:04 PM #6New Member
- Join Date
- Jun 2013
- Posts
- 4
Nice tips thank you very much.
-
08-01-2013, 03:03 AM #7Newbie
- Join Date
- Aug 2013
- Location
- Ernakulam
- Posts
- 17
Great tricks.. thank you so much
-
08-14-2013, 03:55 AM #8dd if=/dev/null of=/dev/sda
- Join Date
- Aug 2010
- Location
- Belgium
- Posts
- 657
Well, this is all interesting and all - but you don't need these steps if you can prevent instead of cure..
The main point is to secure your code, avoid third party code and make it yourself - if you can't make it yourself rent someone and make sure that they don't backdoor your service (this seems to be common with most freelancers lately, unfortunately).
Secondly, why would you have your Windows server clogged up like that? I'm pretty sure those will not stop anyone from placing fully undetectable malware or penetrating your server.
-
08-14-2013, 06:13 AM #9Aspiring Evangelist
- Join Date
- Oct 2010
- Location
- Iraq
- Posts
- 409
Hello,
you should change the subject to "Protection from basic hacking" tbh.
I appreciate what you mentioned but that will protect you from skiddies only.
Highest Regards
Mohammed HXsltel OÜ | Fast and Steady Internet services
cPanel Webhosting | VPS Hosting | Since 2011
-
08-14-2013, 06:41 AM #10
-
08-14-2013, 06:50 AM #11Web Hosting Guru
- Join Date
- May 2013
- Posts
- 294
And is malwarebytes.org necessary if you have AVAST?
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
-
08-14-2013, 06:56 AM #12
-
08-15-2013, 12:07 PM #13Newbie
- Join Date
- Aug 2013
- Posts
- 6
Great tips, especially in this order.
Users mail us first, but 9 out of 10 times the reason a website got hacked was a stolen FTP password. So people need to check their own security in the first place.
I really don't think this is true and it's an insult for hard working (free!) template designers and plug-in developers.
You should be aware of plug-ins that haven't been updated in a while though. Like all software and plug-ins you should keep them updated with the latest versions and security patches. Don't use a plug-in that is developed for an old WordPress version. Although it might work on the latest WP version, it clearly hasn't been updated for a while and might be a security risk.
Last edited by cfmweb; 08-15-2013 at 12:11 PM.
-
10-10-2013, 05:45 PM #14New Member
- Join Date
- Oct 2013
- Posts
- 3
Wow, thank you for the security tips. The thing about changing a password is totally right, as a simple password can be easily brute forced.
-
10-11-2013, 03:41 AM #15Disabled
- Join Date
- Mar 2007
- Posts
- 365
There's a lot to be said about security, you have covered a very, very small part of it.
It would be a very good idea to cover this completely (more or less) within 1 topic, so the novice users can benefit from it.
Also, avast?!... I suppose it's best to have *SOME* antivirus, rather than not have any.
-
10-11-2013, 07:14 AM #16
-
10-11-2013, 11:32 AM #17Newbie
- Join Date
- Feb 2012
- Posts
- 12
Having an antivirus is important. Once I got hacked and the hacker stole my server's FTP accounts. That way he hacked my websites.
-
10-16-2013, 09:47 AM #18Web Hosting Master
- Join Date
- Jun 2005
- Posts
- 2,896
-
10-18-2013, 01:59 AM #19Junior Guru Wannabe
- Join Date
- Sep 2013
- Posts
- 30
Good tips. However, there's one huge piece missing from your advice:
NEVER use FTP. Use SFTP only. Do not use a web host if they don't offer SFTP.
SFTP encrypts your communication, FTP does not, which means FTP can be easily broken by monitoring communications. You yourself, need not be the target in order for someone to sniff your password during FTP logins... if your web host is targeted and you log in via FTP, you've just had your password pickpocketed. And they don't care if you're nobody and you have nothing on your site... any foothold is good enough.
In fact, sites which are barely ever used, are the best targets - because, admins of those less-used sites won't notice the zombie botnet / spam factory / drug drop-shipping / etc on those sites.
By the way, all web hosts are being targeted at all times, so, using FTP is like pinning a $100 bill on a blind man's back and putting him on the bus. You can kiss it goodbye, guaranteed.
-
10-26-2013, 10:27 AM #20Newbie
- Join Date
- Oct 2013
- Posts
- 8
Hacking is really a very hilarious problem indeed.
I had a WordPress website and it got attacked by hackers several times. Every time I have to restore my website from step one. It was a very disappointing experience. You share an important piece of information regarding security from hacking. Keep sharing more information.
-
11-14-2013, 02:13 PM #21Junior Guru Wannabe
- Join Date
- Oct 2013
- Posts
- 30
nice tutorial and helpful information
-
11-26-2013, 09:12 AM #22Junior Guru
- Join Date
- Jun 2013
- Location
- Pekanbaru, ID
- Posts
- 227
Thanks, nice shared
-
11-27-2013, 08:51 AM #23Actively learning French
- Join Date
- Apr 2009
- Location
- OnTheWeb
- Posts
- 2,397
As a developer I would tend to disagree with point 3. Not all updates by WordPress address security issues per se, so unless it does address a security concern, you do not need to update to the latest version. Constant updating can cause your website to break because some updates are simply to address bug fixes (which may not be of a major concern if you are a developer or have a developer on your payroll).
-
12-20-2013, 04:55 PM #24Newbie
- Join Date
- May 2013
- Posts
- 22
Thank you for the advice, Michael. Everyone should follow these steps for basic protection. It's sad when people have nothing better to do than destroy other people's websites.
-
01-13-2014, 11:36 AM #25New Member
- Join Date
- Jan 2014
- Posts
- 4
Protections
You should follow OWASP guidelines.
From my point of view, the priority is:
1. Follow and install security updates of your CMS.
2. Assess all your admin users and ensure they have strong passwords.
3. Restrict access to administrative panels by source IP or with a first-level password (i.e. htaccess).
4. Do not run your HTTP server with root/admin credentials.
5. Install a local web application firewall (WAF) such as mod_security.
6. Expensive: have penetration tests performed by security experts.
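
Added example, not part of any post in this thread: a `.htaccess` file implementing the restriction mentioned in posts #4 and #25 (source IP plus a first-level password on an administration directory). The IP addresses, user name and file path are placeholders, and it assumes the host allows authentication overrides in `.htaccess`.

```apache
# ADDED EXAMPLE - .htaccess for an admin directory (e.g. wp-admin/ or administrator/).
# Assumptions: the host permits overrides (AllowOverride AuthConfig, plus Limit
# on Apache 2.2); the IPs, user name and file path below are placeholders.

# First-level password, checked before the CMS login page is ever reached.
# Keep the password file outside the web root; create it with:
#   htpasswd -c /home/exampleuser/.htpasswds/admin.htpasswd someuser
# Serve this directory over HTTPS only: Basic auth sends the password
# base64-encoded, not encrypted.
AuthType Basic
AuthName "Restricted area"
AuthUserFile /home/exampleuser/.htpasswds/admin.htpasswd

# Apache 2.4 and later
<IfModule mod_authz_core.c>
    # Require BOTH an allowed source IP and a valid password.
    # Change RequireAll to RequireAny to accept either one.
    <RequireAll>
        Require ip 203.0.113.10 198.51.100.0/24
        Require valid-user
    </RequireAll>
</IfModule>

# Apache 2.2
<IfModule !mod_authz_core.c>
    Order deny,allow
    Deny from all
    Allow from 203.0.113.10 198.51.100.0/24
    Require valid-user
    # "Satisfy All" = IP and password; "Satisfy Any" = either one.
    Satisfy All
</IfModule>

# WordPress only: front-end plugins call wp-admin/admin-ajax.php for ordinary
# visitors, so leave that one file reachable or parts of the public site break.
<Files "admin-ajax.php">
    <IfModule mod_authz_core.c>
        Require all granted
    </IfModule>
    <IfModule !mod_authz_core.c>
        Order allow,deny
        Allow from all
        Satisfy Any
    </IfModule>
</Files>
```

If the site sits behind a CDN or reverse proxy, Apache sees the proxy's address rather than the visitor's, so the IP rule only works once the real client address is restored (for example with mod_remoteip).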